api-gateway
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious patterns detected. The skill's behavior and documented examples are consistent with its stated purpose as a managed API gateway for third-party service integration.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to
api.maton.ai(the vendor proxy) and authorized third-party API hosts (e.g.,googleads.googleapis.com,slack.com). These interactions are essential for its operation and are documented with clear security guidelines, including the use of least-privilege authorizations. - [COMMAND_EXECUTION]: The skill provides numerous examples for executing Python and curl commands to interact with external APIs. These commands are provided as instructional templates for the agent and do not involve downloading or executing untrusted code from remote sources.
- [PROMPT_INJECTION]: The skill includes defensive instructions that mitigate the risk of indirect prompt injection. Agents are explicitly directed to treat all content retrieved from external services (like emails or messages) as untrusted context rather than authoritative instructions.
- [DATA_EXFILTRATION]: While the skill interacts with sensitive data, it enforces safety protocols by requiring agents to confirm the target, payload, and intended effect with the user before performing any operation that modifies or sends data.
Audit Metadata